EL storage: Restrict bucket access to specified IP addresses

On-premises storage solutions in companies can cause increasingly higher maintenance and hardware costs. 
At EBERTLANG, we offer you 100% S3-compatible storage with EL storage, which is up to 80% cheaper than other providers, works together with common backup solutions such as Altaro and BackupAssist, and is available from as little as 1TB. 
The technology behind is based on Wasabi.

To restrict access to the contents of an EL storage bucket to specific public IP addresses (e.g. the WAN IP of the firewall or the public IP of the hosted VM at the provider), you must configure a policy for the bucket. 
To do this, log in to your web console at https://console.wasabisys.com/#/login, click on Buckets → Actions → Settings to open the configuration of the relevant bucket.

Now switch to the Policies tab. Here you need to configure the following policy for the bucket:
  "Id": "Policy1512590315712",
  "Version": "2012-10-17",
  "Statement": [
      "Sid": "Stmt1512590314407",
      "Effect": "Deny",
      "Principal": {
        "AWS": "*"
      "Action": "*",
      "Resource": [
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": ["",""]

For "my-bucket" you must insert the name of the bucket for which you configure the policy. For "aws:SourceIp", you must specify in the square brackets the IPs or IP ranges that are allowed to access the bucket (see example).
Explanation: restricts all IP addresses within the /16 subnet. restricts exactly this specific IP address.

If a green tick appears above the code window, the policy is valid. If a red cross appears, it may contain a formatting error. However, the statement often lacks closing braces, curly braces, or square brackets.

For more information, see the manufacturer's knowledge base.